I personally don't have much experience, but I was reading about SDF, and at one point the article mentions that SDF migrated to Linux in 1997, but due to the large number of malicious attacks it switched to NetBSD in 2001.

What specific features of NetBSD kept SDF safer from malicious attacks than Linux?

While the question is nicely worded and the answer it got is spot on ("it's less popular"), the title can be a bit misleading. The question is not about Linux vs NetBSD in general, but rather specifically about SDF's migration. Maybe it should be changed?
– rahmu Feb 18 '12 at 15:31

2 Answers

Generally speaking, NetBSD is less popular than Linux, so it has fewer installations and hence attracts less attention from malicious attackers.

Linux itself is considered stable and secure enough, but there are no 100% secure systems in the world. In the millions of lines of Linux source code there must be a bunch of security holes anyway.

As I said, popularity attracts more attention from black hat hackers, but it also makes the system even more secure, since patches and fixes come very actively.

Since NetBSD is not as popular as Linux (they have different goals, though), it does mean that attackers target it less often, but it doesn't mean that it's more secure. It might even be less secure than Linux, because Linux is growing so fast and thousands of hackers around the world are working on making it even more secure and stable.

Talking about SDF, it's more SDF-related than a matter of Linux vs. NetBSD.

Well, it is not just about the fact that SDF switched to Linux and then back to NetBSD.

First they switched to Linux on x86 hardware and then to NetBSD on DEC Alpha hardware.

It is safe to say that the NetBSD/Alpha architecture is less popular in comparison to Linux/x86.

That means that it is much easier to get ready-to-run exploits or exploitation meta-frameworks for Linux/x86 than for NetBSD/Alpha. Sure, there is probably shellcode readily available for NetBSD/Alpha too, but script kiddies or economically minded attackers are either not able to or don't want to invest the extra time integrating the shellcode into an existing exploit (or creating one from scratch).

Thus, it was a kind of "more security through more obscurity" effect.

Besides, SDF provides shell access to pretty much everyone, and shell access is quite hard to secure against attackers. On all systems, locally exploitable vulnerabilities are much more common than remote ones. See e.g. the recent kernel.org break-in.

Plus, in 1997, techniques like auditing, virtualization, compartmentalization or mandatory access control (MAC) were not available or mainstream in common Linux distributions (or in other Unix systems).

Conclusion: SDF has by definition a very large attack surface, and having switched to an 'obscure' system architecture seems to have helped them in 1997.

(PS: I am ignoring other possible influencing factors, e.g. different degrees of familiarity with administering one system vs. the other, learning from past mistakes in system administration, or something like that.)